On Wed, Mar 13, 2019 at 09:37:34AM -0700, Andrew Morton wrote:
> On Tue, 12 Mar 2019 14:49:10 -0700 "Darrick J. Wong" <darrick.wong@xxxxxxxxxx> wrote:
>
> > From: Darrick J. Wong <darrick.wong@xxxxxxxxxx>
> >
> > ocfs2_reflink_inodes_lock can swap the inode1/inode2 variables so that
> > we always grab cluster locks in order of increasing inode number.
> > Unfortunately, we forget to swap the inode record buffer head pointers
> > when we've done this, which leads to incorrect bookkeeping when we're
> > trying to make the two inodes have the same refcount tree.
> >
> > This has the effect of causing filesystem shutdowns if you're trying to
> > reflink data from inode 100 into inode 97, where inode 100 already has a
> > refcount tree attached and inode 97 doesn't. The reflink code decides
> > to copy the refcount tree pointer from 100 to 97, but uses inode 97's
> > inode record to open the tree root (which it doesn't have) and blows up.
> > This issue causes filesystem shutdowns and metadata corruption!
>
> Sounds serious.
>
> > Fixes: 29ac8e856cb369 ("ocfs2: implement the VFS clone_range, copy_range, and dedupe_range features")]
>
> November 2016. Should we be adding cc:stable?

Yeah. I sent along an RFC version of the testcase (generic/94[134]) that
hit this bug now that I've been able to get an overnight testing run
completed with the new tests on the other filesystems.

--D

> Folks, could we please get prompt review of this one?
>
> > mark@xxxxxxxxxx
>
> hm, I have mfasheh@xxxxxxxxxxx but MAINTAINERS says mark@xxxxxxxxxx.
> Mark, can you please clarify?
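The failure mode described in the quoted commit message, as an added example that is not part of the thread and is not ocfs2 code: a simplified model of ordered locking in which the inode pointers are swapped with or without their record pointers. All struct, function and variable names, and the block number 4242, are hypothetical; inode numbers 97 and 100 are the ones used in the commit message.

```c
#include <stddef.h>
#include <stdint.h>

/* Simplified model; every name and value here is hypothetical, not ocfs2's. */
struct inode  { uint64_t ino; };
struct record { uint64_t ino; uint64_t refcount_root; /* 0 = no tree */ };

/* Constructed "on-disk" inode records. */
static struct record disk[] = { {97, 0}, {100, 4242}, {120, 0} };

static struct record *read_record(const struct inode *i)
{
    for (size_t k = 0; k < sizeof disk / sizeof disk[0]; k++)
        if (disk[k].ino == i->ino)
            return &disk[k];
    return NULL;
}

/* Take locks in increasing inode order; *rec1/*rec2 must end up describing
 * the caller's a/b. With swap_records == 0 only the inodes are swapped. */
static void lock_pair(struct inode *a, struct inode *b, struct record **rec1,
                      struct record **rec2, int swap_records)
{
    if (a->ino > b->ino) {
        struct inode *ti = a; a = b; b = ti;
        if (swap_records) {
            struct record **tr = rec1; rec1 = rec2; rec2 = tr;
        }
    }
    *rec1 = read_record(a);   /* lower inode number is locked and read first */
    *rec2 = read_record(b);
}

/* Share src's refcount tree with dst. Returns 0 on success, -1 where the
 * tree root cannot be opened from the record believed to be src's. */
static int share_tree(uint64_t src_ino, uint64_t dst_ino, int swap_records)
{
    struct inode src = { src_ino }, dst = { dst_ino };
    struct record *src_rec = NULL, *dst_rec = NULL;

    lock_pair(&src, &dst, &src_rec, &dst_rec, swap_records);
    if (!src_rec || !dst_rec || src_rec->refcount_root == 0)
        return -1;
    dst_rec->refcount_root = src_rec->refcount_root;
    return 0;
}

int main(void) { return share_tree(100, 97, 1); }
```

In this model the mismatch appears only when the source inode number is higher than the destination's, which is the 100-into-97 case from the commit message; a pair already in increasing order takes no swap and behaves the same either way.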